General BSoD question

Thufir

Here's the scenario:

Can only boot into safe mode; safe mode with networking gives a BSoD
regarding spooldr.sys, which may be the result of malware.

From services.msc, should the print spooler be enabled or disabled? Use
task manager to kill a process? That is, how to get into safe mode with
networking at least, if not normal mode?



thanks,

Thufir
 
Pegasus (MVP)

Thufir said:
Here's the scenario:

Can only boot into safe mode; safe mode with networking gives a BSoD
regarding spooldr.sys, which may be the result of malware.

From services.msc, should the print spooler be enabled or disabled? Use
task manager to kill a process? That is, how to get into safe mode with
networking at least, if not normal mode?



thanks,

Thufir

You can disable the print spooler but you won't be able
to print, of course.
 
Guest

Thufir said:
Here's the scenario:

Can only boot into safe mode; safe mode with networking gives a BSoD
regarding spooldr.sys, which may be the result of malware.

From services.msc, should the print spooler be enabled or disabled? Use
task manager to kill a process? That is, how to get into safe mode with
networking at least, if not normal mode?



thanks,

Thufir

Recent changes that sparked the boot into safe mode only? Did you install any
software or hardware or attempt to change the boot screen? That's where I
would start with the troubleshooting.
 
Bruce Chambers

Thufir said:
Here's the scenario:

Can only boot into safe mode; safe mode with networking gives a BSoD
regarding spooldr.sys, which may be the result of malware.

From services.msc, should the print spooler be enabled or disabled? Use
task manager to kill a process? That is, how to get into safe mode with
networking at least, if not normal mode?


If you spelled the file name ("spooldr.sys") correctly, it's almost
certainly malware. The proper name for the Print Spooler is
"spoolsv.exe." If you can get into the Recovery Console, try deleting,
or at least renaming, the suspect file.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
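
Added example, not part of the original thread: a Python sketch of the name check described in the reply above, flagging file names that are near-misses of well-known Windows process names (as "spooldr.sys" is of "spoolsv.exe"). The allow-list, the distance thresholds and the sample file list are assumptions constructed for illustration; a similar name is only a triage signal, and an exact name match says nothing about whether the file itself is genuine.

```python
# Constructed allow-list of real Windows process image names; extend for real use.
KNOWN = ["spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
         "smss.exe", "winlogon.exe", "services.exe", "explorer.exe"]


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def stem(name):
    """File name without its final extension."""
    return name.rsplit(".", 1)[0]


def find_lookalikes(filenames):
    """Return (file, nearest known name, distance) for suspicious near-misses."""
    hits = []
    for raw in filenames:
        name = raw.lower()
        if name in KNOWN:
            continue  # exact name match: not a lookalike
        best = min(KNOWN, key=lambda k: edit_distance(stem(name), stem(k)))
        dist = edit_distance(stem(name), stem(best))
        # Assumed thresholds: short stems collide easily, so allow one edit only.
        limit = 2 if len(stem(name)) >= 6 else 1
        if dist <= limit:
            hits.append((raw, best, dist))
    return hits


# Constructed sample listing, e.g. names collected from system32 and drivers.
SAMPLE = ["spoolsv.exe", "spooldr.sys", "svchost.exe",
          "scvhost.exe", "notepad.exe", "lsass.exe"]

if __name__ == "__main__":
    for found, known, dist in find_lookalikes(SAMPLE):
        print(f"{found}: resembles {known} (edit distance {dist})")
```

A distance of 0 is also reported when the stem matches but the extension does not, which catches a known process name reused with a different file type.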
 
Thufir

If you spelled the file name ("spooldr.sys") correctly, it's almost
certainly malware. The proper name for the Print Spooler is
"spoolsv.exe." If you can get into the Recovery Console, try deleting,
or at least renaming, the suspect file.

Yes, I saw many references to Trojans regarding that file. It's so
arbitrary, spooldr.sys *sounds* genuine to me, I was assuming that this
file was a (possibly critical) system file which the Trojan had hijacked.

Aside from deleting or renaming the file, would the task manager come
into play? Is there a particular process to kill?

I found

http://blog.misec.net/tag/rootkits/
http://www.greatis.com/security/Removal_Spooldr.exe_Spooldr.sys_rootkit.htm

Which give more information. Actually, it appears to be a rootkit.


thanks,

Thufir
 
